Debian PHP 5 Security Issues

To prevent Denial of Service attacks by exhausting the number of available temporary file names, the max_file_uploads option introduced in PHP 5.3.1 has been backported.

Due to the nature of this new option a default limit has been set to 50, hoping it is sensible enough to not to cause disruptions on existing services. The value of this new limit can be changed in the php.ini file.

If you installed the php5-suhosin extension there was a limiting mechanism in place already. In this case you may want to make sure the new limit imposed by PHP itself is not smaller than suhosin's.